Hi,
The constructor for L4_msg_tag looks bogus wrt. the items() bits. The argument value should be masked first and then shifted, not vice versa.
There is a single caller that passes a non-NULL value that needs checking though.
regards Christian
diff --git a/src/kernel/fiasco/src/abi/l4_types.cpp b/src/kernel/fiasco/src/abi/l4_types.cpp
index 6a98f2d..96360f9 100644
--- a/src/kernel/fiasco/src/abi/l4_types.cpp
+++ b/src/kernel/fiasco/src/abi/l4_types.cpp
@@ -399,7 +399,7 @@ bool Utcb::inherit_fpu() const
PUBLIC inline
L4_msg_tag::L4_msg_tag(unsigned words, unsigned items, unsigned long flags, unsigned long proto)
- : _tag((words & 0x3f) | ((items << 6) & 0x3f) | flags | (proto << 16))
+ : _tag((words & 0x3f) | ((items & 0x3f) << 6) | flags | (proto << 16))
{}
PUBLIC inline
diff --git a/src/kernel/fiasco/src/kern/factory.cpp b/src/kernel/fiasco/src/kern/factory.cpp
index 144130b..bbf8e43 100644
--- a/src/kernel/fiasco/src/kern/factory.cpp
+++ b/src/kernel/fiasco/src/kern/factory.cpp
@@ -104,6 +104,7 @@ Factory::map_obj(Kobject_iface *o, Mword cap, Space *c_space,
}
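Review bot: In the L4_msg_tag constructor hunk of l4_types.cpp, `flags` is still OR-ed into `_tag` unmasked, so a flags value with any of bits 0–11 set would silently change the word and item counts that the corrected masks now protect. Assuming the flag field sits in bits 12–15 (inferred from the two 6-bit fields and `proto << 16`; the flag definitions are not visible in the hunk), the term could be written `(flags & 0xf000)`. A one-line layout comment above the initializer, e.g. `// _tag layout: words [5:0], items [11:6], flags [15:12], proto [..:16]`, would make the mask-then-shift order checkable at a glance. Values of `words` or `items` above 63 are truncated silently as well; an assertion would surface a miscounted message instead of sending a shorter one.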
// FIXME: reap stuff if needed
+ /* XXX CEH: This will generate a result tag with one item, what is it? */
return commit_result(0, 0, 1);
}
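Review bot: The added `XXX` comment above `return commit_result(0, 0, 1);` leaves out the behaviour change that makes the question matter. Under the old `(items << 6) & 0x3f` expression the items field was always zero, so this return starts advertising one item only once the l4_types.cpp fix is applied (assuming `commit_result` forwards its third argument as the item count, which is not shown here). I would word it as `/* XXX CEH: items == 1 was masked to 0 before the L4_msg_tag fix; confirm map_obj stores a valid item in the message buffer before returning, else pass 0 */`. If nothing writes that item, the receiver would presumably interpret leftover buffer contents as a typed item. The body of `map_obj` begins outside the hunk, so whether an item is written cannot be judged from here.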